From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Thu, 2 Dec 2021 10:29:45 +0000 (+0100)
Subject: meson: disallow the combination of cryptolib=openssl and dns-over-tls=gnutls
X-Git-Tag: v250-rc1~88^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F21170%2Fhead;p=thirdparty%2Fsystemd.git

meson: disallow the combination of cryptolib=openssl and dns-over-tls=gnutls

It could work, but it doesn't make much sense. If we already have openssl as
the cryptolib that provides the necessary support, let's not bring in another
library. Disallowing this simplifies things and reduces our support matrix.
---

diff --git a/meson.build b/meson.build
index 968d752fded..4cc97d664e3 100644
--- a/meson.build
+++ b/meson.build
@@ -1448,9 +1448,25 @@ else
 endif
 conf.set10('HAVE_DBUS', have)
 
+# We support one or the other. If gcrypt is available, we assume it's there to
+# be used, and use it in preference.
+opt = get_option('cryptolib')
+if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
+        error('openssl requested as the default cryptolib, but not available')
+endif
+conf.set10('PREFER_OPENSSL',
+           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
+conf.set10('HAVE_OPENSSL_OR_GCRYPT',
+           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
+lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
+
 dns_over_tls = get_option('dns-over-tls')
 if dns_over_tls != 'false'
-        if dns_over_tls == 'openssl'
+        if dns_over_tls == 'gnutls' and conf.get('PREFER_OPENSSL') == 1
+                error('Sorry, -Ddns-over-tls=gnutls is not supported when openssl is used as the cryptolib')
+        endif
+
+        if dns_over_tls == 'openssl' or conf.get('PREFER_OPENSSL') == 1
                 have_gnutls = false
         else
                 have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0'))
@@ -1511,18 +1527,6 @@ else
 endif
 conf.set10('ENABLE_REPART', have)
 
-# We support one or the other. If gcrypt is available, we assume it's there to
-# be used, and use it in preference.
-opt = get_option('cryptolib')
-if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
-        error('openssl requested as the default cryptolib, but not available')
-endif
-conf.set10('PREFER_OPENSSL',
-           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
-conf.set10('HAVE_OPENSSL_OR_GCRYPT',
-           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
-lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
-
 default_dnssec = get_option('default-dnssec')
 if skip_deps
         default_dnssec = 'no'